Locking out the user/session if they enter wrong password for the mentioned number of times

Core Engine and APIs
1

Hi,

We would like to lock the user for a temporary amount of time if they enter the wrong password consecutively for N times(Configured value).

Could you please point me to the code area or section in confd for achieving this functionality?

Regards,
Ranjith

2

I am not aware of anything like that built into ConfD. If that’s indeed the case, you are on your own. This means that:

  • you need to have the value N, number of failed attempts before a lock, somewhere in your data model
  • you need to take care of the authentication - either a rather simple external authentication binary that uses ConfD’s AAA model for usernames and passwords, or use a system like PAM with its plugins
  • if you use PAM, you also need to have a subscriber that tells the PAM plugin about changes in the value N.
1 Like